@rOt779kVceSgL rOt779kVceSgL commented Nov 17, 2025

Description

This PR corrects the data type of the sk parameter in wolfSSL_sk_X509_pop() and wolfSSL_sk_X509_push().

Testing

  • Build and install this branch
$ ./autogen.sh
$ ./configure --prefix=/usr --enable-opensslextra --enable-wolfclu
$ make
$ sudo make install
  • Build and install wolfCLU
  • Create two ECC keys and PEM certs with wolfCLU
  • Copy and save the following test code as a.c
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <wolfssl/openssl/pem.h>

static int
load_cert(WOLFSSL_X509 **out_x509, const char *in_file)
{
	int ret = -1;
	FILE *fp;
	WOLFSSL_X509 *tmp_x509;

	fp = fopen(in_file, "r");
	if (fp == NULL) {
		fprintf(stderr, "fopen() error. errno=%d, path=%s\n", errno, in_file);
		return -1;
	}

	tmp_x509 = wolfSSL_PEM_read_X509(fp, NULL, NULL, NULL);
	if (tmp_x509 == NULL) {
		fprintf(stderr, "wolfSSL_PEM_read_X509() error.\n");
		goto CLOSE_FP;
	}

	*out_x509 = tmp_x509;
	ret = 0;

CLOSE_FP:
	fclose(fp);

	return ret;
}

int
main(int argc, char *argv[])
{
	int ret = 1;
	int ret_sub;
	WOLF_STACK_OF(WOLFSSL_X509) *stack;
	WOLFSSL_X509 *x509_cert1;
	WOLFSSL_X509 *x509_cert2;
	WOLFSSL_X509 *popped;

	if (argc != 3) {
		printf("usage: %s <CERT1> <CERT2>\n", argv[0]);
		return 1;
	}

	ret_sub = load_cert(&x509_cert1, argv[1]);
	if (ret_sub != 0) {
		fprintf(stderr, "load_cert() error (cert1).\n");
		return 1;
	}

	ret_sub = load_cert(&x509_cert2, argv[2]);
	if (ret_sub != 0) {
		fprintf(stderr, "load_cert() error (cert2).\n");
		goto FREE_CERT1;
	}

	stack = wolfSSL_sk_X509_new_null();
	if (stack == NULL) {
		fprintf(stderr, "wolfSSL_sk_X509_new_null() error.\n");
		goto FREE_CERT2;
	}

	ret_sub = wolfSSL_sk_X509_push(stack, x509_cert1);
	if (ret_sub <= 0) {
		fprintf(stderr, "wolfSSL_sk_X509_push() error (cert1). ret=%d\n", ret_sub);
		goto FREE_STACK;
	}

	printf("pushed cert1. new size: %d\n", wolfSSL_sk_X509_num(stack));

	ret_sub = wolfSSL_sk_X509_push(stack, x509_cert2);
	if (ret_sub <= 0) {
		fprintf(stderr, "wolfSSL_sk_X509_push() error (cert2). ret=%d\n", ret_sub);
		goto POP_CERT1;
	}

	printf("pushed cert2. new size: %d\n", wolfSSL_sk_X509_num(stack));

	ret = 0;

	popped = wolfSSL_sk_X509_pop(stack);
	assert(popped != NULL);
	printf("popped cert2. new size: %d\n", wolfSSL_sk_X509_num(stack));

POP_CERT1:
	popped = wolfSSL_sk_X509_pop(stack);
	assert(popped != NULL);
	printf("popped cert1. new size: %d\n", wolfSSL_sk_X509_num(stack));

FREE_STACK:
	wolfSSL_sk_X509_free(stack);

FREE_CERT2:
	wolfSSL_X509_free(x509_cert2);

FREE_CERT1:
	wolfSSL_X509_free(x509_cert1);

	return ret;
}
  • See no compile errors/warnings and expected result
user@ubuntu2404:~/work$ gcc -W -Wall a.c -lwolfssl
user@ubuntu2404:~/work$ ./a.out ecc1.cert ecc2.cert 
pushed cert1. new size: 1
pushed cert2. new size: 2
popped cert2. new size: 1
popped cert1. new size: 0
user@ubuntu2404:~/work$
  • Modify the above snippet to use the previous (incorrect) data type WOLFSSL_X509_NAME instead of WOLFSSL_X509
user@ubuntu2404:~/work$ diff -u --color a.c b.c
--- a.c	2025-11-17 23:47:41.010887707 +0900
+++ b.c	2025-11-17 23:48:07.947576381 +0900
@@ -36,7 +36,7 @@
 {
 	int ret = 1;
 	int ret_sub;
-	WOLF_STACK_OF(WOLFSSL_X509) *stack;
+	WOLF_STACK_OF(WOLFSSL_X509_NAME) *stack;
 	WOLFSSL_X509 *x509_cert1;
 	WOLFSSL_X509 *x509_cert2;
 	WOLFSSL_X509 *popped;
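Review bot: The changed `stack` declaration is the only difference between a.c and b.c, yet both builds are captioned "See no compile errors/warnings and expected result", so the description never says what the comparison is meant to establish. `stack` declared as WOLF_STACK_OF(WOLFSSL_X509_NAME) * is still assigned from wolfSSL_sk_X509_new_null() and passed to wolfSSL_sk_X509_push() and wolfSSL_sk_X509_pop() with no diagnostic under -W -Wall; state explicitly that this is the point being shown, namely that callers written against the old parameter type keep compiling after the signature change.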
user@ubuntu2404:~/work$
  • See no compile errors/warnings and expected result
user@ubuntu2404:~/work$ gcc -W -Wall b.c -lwolfssl
user@ubuntu2404:~/work$ ./a.out ecc1.cert ecc2.cert 
pushed cert1. new size: 1
pushed cert2. new size: 2
popped cert2. new size: 1
popped cert1. new size: 0
user@ubuntu2404:~/work$ 

Checklist

  • added tests → No, because this fixes the stuff that we can't check with tests
  • updated/added doxygen → No, no doxygen here
  • updated appropriate READMEs → No, no READMEs here
  • Updated manual and documentation → No, no manual/documentation for these functions exists
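
Why a.c and b.c can both build cleanly, as an added example that is not part of this PR or of wolfSSL's code: it assumes WOLF_STACK_OF(x) behaves like a macro that discards its argument (modelled here by ERASED_STACK_OF) and contrasts that with a hypothetical type-pasting variant (TYPED_STACK_OF). All demo_* names are constructed for the illustration.

```c
#include <stdio.h>

/* Stand-in element types (constructed for this demo, not wolfSSL's). */
typedef struct { int serial; } demo_x509;
typedef struct { const char *cn; } demo_x509_name;

/* Model A (assumption): the macro discards its argument, so every
 * "stack of T" is one and the same C type. */
typedef struct { void *items[8]; int num; } demo_stack;
#define ERASED_STACK_OF(T) demo_stack

/* Model B (hypothetical): the element type is pasted into the struct tag,
 * so each "stack of T" is a distinct type. */
#define TYPED_STACK_OF(T) struct demo_stack_of_##T
TYPED_STACK_OF(demo_x509)      { demo_x509 *items[8]; int num; };
TYPED_STACK_OF(demo_x509_name) { demo_x509_name *items[8]; int num; };

/* Corrected-style prototypes: they name a stack of demo_x509. */
static int demo_push(ERASED_STACK_OF(demo_x509) *sk, demo_x509 *x)
{
    if (sk->num >= 8) return 0;          /* full: report failure */
    sk->items[sk->num++] = x;
    return sk->num;
}
static demo_x509 *demo_pop(ERASED_STACK_OF(demo_x509) *sk)
{
    return sk->num > 0 ? sk->items[--sk->num] : NULL;
}
/* Mirrors b.c: the stack is declared with the wrong element type and is
 * still accepted by push/pop. Returns popped serial * 10 + remaining size. */
int run_with_wrong_declaration(void)
{
    ERASED_STACK_OF(demo_x509_name) stack = { {0}, 0 };
    demo_x509 c1 = { 1 }, c2 = { 2 };
    demo_x509 *popped;
    demo_push(&stack, &c1);
    demo_push(&stack, &c2);
    popped = demo_pop(&stack);
    return popped->serial * 10 + stack.num;
}
/* 1 when the compiler can tell "stack of T" apart from "stack of demo_x509". */
#define ERASED_MISMATCH(T) \
    _Generic((ERASED_STACK_OF(T) *)0, ERASED_STACK_OF(demo_x509) *: 0, default: 1)
#define TYPED_MISMATCH(T) \
    _Generic((TYPED_STACK_OF(T) *)0, TYPED_STACK_OF(demo_x509) *: 0, default: 1)
int erased_mismatch_visible(void) { return ERASED_MISMATCH(demo_x509_name); }
int typed_mismatch_visible(void)  { return TYPED_MISMATCH(demo_x509_name); }

int main(void)
{ printf("%d %d %d\n", run_with_wrong_declaration(), erased_mismatch_visible(), typed_mismatch_visible()); return 0; }
```

Under the erased model the wrong declaration is invisible to the compiler, which is consistent with the checklist's statement that the change cannot be checked with tests.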

@devin-ai-integration
Contributor

🛟 Devin Lifeguard found 1 likely issues in this PR

  • do-not-change-external-apis snippet: Keep the original wolfSSL_sk_X509_push/pop wrappers with the old WOLF_STACK_OF(WOLFSSL_X509_NAME)* parameter, and introduce new functions (e.g., wolfSSL_sk_X509_push_ex / pop_ex) that take WOLF_STACK_OF(WOLFSSL_X509)*; have the old functions call the new ones after casting or performing any necessary translation.

@rOt779kVceSgL
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

@wolfSSL-Bot

Can one of the admins verify this patch?

@embhorn
Member

embhorn commented Nov 17, 2025

Hello @rOt779kVceSgL

Thanks for your PR submission. We require a signed contributor agreement on file for all third party code changes. Please send an email to support@wolfssl.com referencing this PR to get started.

Kind regards,
@embhorn

@dgarske
Contributor

dgarske commented Nov 17, 2025

Jenkins... Okay to test
